Today the Japanese exchange Liquid has been hacked.
The company itself reported that on Twitter, saying that the exchange’s online wallets have been compromised, which is why Liquid is now moving assets to cold wallets.
We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet.
We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended.
— Liquid Global Official (@Liquid_Global) August 19, 2021
The company warned that it has suspended deposits and withdrawals and is still investigating the incident.
The company has also made public the four addresses to which the hackers sent stolen BTC, ETH/ERC20, TRX, and XRP.
Liquid is currently trying to track the movements of the stolen assets and, to do so, is working with other exchanges possibly to freeze and recover them if possible.
One of the addresses to which stolen BTCs were sent now contains as many as 107 of them, or over $4.5 million, while one of those to which ETHs were sent contains nearly 15,000 of them, or nearly $45 million, plus other ERC20 tokens worth almost $25 million.
Another $11 million appears to have been deposited in XRP, so the stolen assets could have a total value of more than $85 million.
How Liquid was hacked
The fact that the online wallets and not the cold wallets were hacked suggests that the attack somehow managed to sneak into the exchange’s online management system to gain access to those wallets and move the tokens.
Unfortunately, similar episodes have already happened in the past, also to the detriment of big platforms like Twitter, so the attack is probably one of the most common ones.
To date, it is not yet known if the company has insurance against this kind of funds and if its users will be reimbursed.
The only thing that is always certain is that when holding tokens in a third-party custodian wallet, and not in one of your own, the risk of being robbed is higher because hackers prefer to focus their efforts on trying to breach large wallets of large platforms, rather than those of private investors which are usually better protected and contain lower values.
CTO of Bitfinex and Tether, Paolo Ardoino, commented:
“Today’s hack at the Liquid exchange is the latest security breach in the digital token space. This is another warning, if one were needed, to everyone. The ingenuity of bad actors seeking to breach the security systems of exchanges and trading platforms will not abate. It is therefore imperative that we work together as an industry with all exchanges remaining in a perpetual state of vigilance against such threats. While the safeguarding of customer funds is of course an exchange’s number one priority, holders of cryptocurrencies should take all steps necessary to ensure that their funds are safe. These include ensuring that they have a cold wallet, two factor authentication, notification messages when funds are withdrawn, and avoiding public WiFi.”